Look Before You LeapThe government plans to apply analytic technologies on a global scale in the war on terrorism, but will they prove an effective weapon?by Seth Grimes U.S. government reactions to post-Cold War international terrorism and to threatening autocratic regimes have been information-centric in ways that would make the CEOs of Wal-Mart and FedEx proud. The U.S. Military's reliance on information technologies is worth a column or two, but this column's subject is the ambitious use of IT in the war on terrorism. The government seeks to detect suspect activities through unprecedented electronic surveillance, monitoring, and large-scale data analysis. If successful, antiterror programs will ensure public safety by providing leads and evidence that help agents render would-be terrorists helpless to act. The projected monetary cost of these programs is huge — proportional to the task — and there may be significant privacy costs as well. Issues are similar to those faced by private and public organizations that must respond both to public concerns and to government legislation, such as the Privacy Act of 1974 and the Health Insurance Portability and Accountability Act of 1996 (HIPAA): that information collection, use, and archiving should be justified and disclosed. A host of organizations from across the political spectrum are keeping tabs on these issues as they relate to the war on terrorism, answering in part the age-old question: Quis custodiet ipsos custodes? Who will watch the watchers? There's another part to the answer, however, that's less positive: I find little evidence of government, academic, or advocacy-group oversight in place or planned to evaluate whether these ambitious and highly technical government decision systems are likely to work. Focus of ConcernsI recently attended a Washington, D.C. program on data mining and privacy sponsored by the Forum on Innovation and Technology and Sen. Ron Wyden (D-Ore.). The three panelists, Richard Perle (former assistant secretary of defense), James Dempsey (executive director of the Center for Democracy and Technology), and Peter Coddington (representing data-mining vendor ClearForest Corp.), discussed whether government national-security programs that integrate and analyze government and commercial data and statistics might compromise the constitutionally derived privacy rights of American citizens. Just as industry uses data mining to detect patterns, create profiles, and score individual cases for risk assessment, fraud detection, creditworthiness, knowledge management (search), and other applications, the federal government would apply these techniques to detect suspicious activity and identify and monitor dangerous persons and organizations. Discussion at that forum was about policy, as you'd expect of a Senate meeting. That data mining, scoring, and similar techniques can and will enhance our security was, to forum panelists and attendees, implicit. It should not have been. Industry best practices say that you need to examine options and show that a particular one will work before spending dollars on implementation, especially when deployment will touch millions of lives. In the desire to be seen as doing something, the government seems to have thrown out the window best practices that we in the industry take for granted. When quizzed about the apparent lack of technical evaluation, the forum panelists uniformly responded that " scientific" review is urgent, and none knew of any taking place. They agreed that the large-scale, cross-domain effectiveness of the techniques the government would apply hasn't been proven. I'll note that in addition, the government doesn't appear to have evaluated alternatives. I don't question that analytic techniques can help fight terrorism. But in today's highly charged atmosphere — the U.S. is beset by partisan rivalry, the return of record budget deficits, a sluggish economy, our inability to date to bring the Sept. 11th terrorists to justice, and uncertainty about the limits of U.S. engagement in the Middle East — I fear that we have abandoned sensible, prudent technology conventions in the name of political expediency for the sake of appearing to be doing something. Although uncertainty about effectiveness and appropriateness doesn't justify idly doing nothing, neither is it a license for doing just anything. Stutter StepsCongress enacted the USA Patriot Act in October 2001 as an initial salvo in the war on terrorism. That legislation was passed hastily — the Electronic Frontier Foundation (EFF) says without " sufficient time to debate it or to hear testimony from experts" — and greatly expanded the government's surveillance and data-collection authority in diverse areas ranging from electronic communications to consumer transactions. Draft provisions of the follow-on Domestic Security Enhancement Act of 2003, often referred to as Patriot II, enable law enforcement personnel to collect DNA samples and monitor any individual's electronic communications for up to 15 days without customary authorizations and oversight. An EFF analysis calls these efforts a " mindless accumulation of data" that " is not intelligence." The EFF analysis offers the opinion that " Intelligence requires focused thinking and focused questions. Instead, we're building a Tower of Babel. If this continues, we'll get the worst of both worlds — all the disadvantages of widespread privacy invasion with none of the security benefit."
|
 |
Most Popular This Week
IE Weekly Newsletter
Subscribe to the newsletter
| |
|
|